Security flaws found in top Chinese web browsers

China's leading web browsers have serious security issues that make users' personal information vulnerable, according to a research group that focuses on technology and human rights.

A report published this week by the Citizen Lab at the University of Toronto says the Windows and Android versions of Tencent's (TCEHY) popular QQ Browser hoover up and then transmit personal data with little or no encryption.

That follows two previous reports by the group that identified similar problems in widely used browsers belonging to Chinese tech giants Alibaba (BABA) and Baidu (BIDU).

"Web browsers are trusted to carefully handle sensitive information inputted by users and securely transmit it to Web servers," the Citizen Lab said. "However, QQ Browser and the other browsers studied violate this standard of trust by not only collecting sensitive user data themselves, but then also insecurely transmitting it."

The issues put users at risk of surveillance from third parties, including governments, according to the report.

The vulnerable information can include location data, search queries, websites visited and ID numbers tied to users' devices.

Tencent said in a statement that it had "investigated and resolved" the concerns that Citizen Lab raised with the company last month ahead of the publication of the report. The tech firm said its privacy policy was consistent with industry standards.

But the Citizen Lab researchers said their checks of the most recent updates of QQ Browser found that some of the issues remained unresolved or had only been partially fixed.

They said further investigation was needed to figure out why the browsers from the three Chinese companies showed "strikingly similar data gathering and insecure data handling problems." One possible scenario they put forward was government directives or "informal pressure" from security officials.

Internet companies inside China are already known to have to comply with the country's efforts to censor sensitive material and monitor users.

Alibaba, whose UC Browser was the subject of a May 2015 report by the Citizen Lab, said it takes user privacy seriously, adding that "there was no evidence that user data was ever taken."

Baidu's browser came under scrutiny in a report last month by the research group. The company pledged to improve security in responses it gave to the Citizen Lab, which said several of the issues flagged remained unresolved as of late February.
